completely masking sending IP address & local IP address in Thunderbird Mail Headders
Currently in the article: http://security.stackexchange.com/questions/45956/does-thunderbird-send-ip-address it states to mask sending IP address & local IP address create mail.smtpserver.default.hello_argument parameter with a example.com string value via Thinderbird's Config Editor and assign anything something like: example.com.
In a standard header we see: From - Wed Jan 11 9:28:38 2017 X-Account-Key: BlaBlaBla X-UIDL: BlaBlaBla X-Mozilla-Status: BlaBlaBla X-Mozilla-Status2: BlaBlaBla X-Mozilla-Keys: Return-path: <BlaBlaBla@BlaBlaBla.com> Envelope-to: BlaBlaBla@BlaBlaBla.com Delivery-date: Wed, 11 Jan 2017 09:28:59 -0500 Received: from [1.1.1.1] (port=12345 helo=[192.168.0.4])
And clearly this isn't going to work. Applying the fix above we would get Received: from [1.1.1.1] (port=12345 helo=[example.com])
What is needed is: Received: from [X.Y.Z.A] (port=ABCDEF helo=[example.com]) where X.Y.Z.A and ABCDEF can be defined at will
Where in Thunderbird configuration precicely can the values for
1) X.Y.Z.A 2) ABCDEF
so as to be static ?
My ISP has specific IP addresses for their sending servers and it would be great if there were some plug in or Ad-On that allows an IP list which rotates each time thunderbird is started or say, each hour. There is NO need from my mail servers to have the exact IP address where I am sending from and I certainly do NOT want my IP address and port details attached to every email that I sent.
Any help would be great. I've searched the internet for 1mo with no resolution and I'm sure others have the same issue.
Ti ṣàtúnṣe
All Replies (2)
You are aware that the mail server will record the email address you connect from. That is how mail headers work.
For example I send mail from Gmail. The header shows 192.168.0.1 that is my local IP address as provided by Thunderbird. Realy a fairly useless detail as there are a million and one computers or routers on local networks with that IP address. Following that is my remote IP address that the Googles mail server received the connection from.
So your choice is the local address Thunderbird uses, or the local IP address issued by your ISP. But as many providers like yahoo actually record the ip address you connect from and place than is yet another x header.
X-Originating-IP:
I think that is also somewhat futile.
Then there is the fact that reverse DNS gets used to detect spam. as well as checking of the route of the mail. Put invented values in the route and what the spam hammer fall when your mail gets to the receiving servers.
Might I ask what is the point of masking the path mail traversed in mail headers? Personally I would be more interested in encrypting the content from snoops instead of hiding who was the sender. In my country at least if I use my ISP to send the mail they will log the mail and the to and from details for the governments catch all data collection. :) they apparently still do not understand DNS or s/Mime. but one day they will.
Matt, thanks for the response, maybe I am missing something. My goal is to hard code in Thunderbird the IP address of my actual outgoing mail servers as to show that composition of the messages took place there. My understanding is that there will be no issue with "reverse DNS for spam" from the recipients receiving server as it will will see my email composed and sent from the same machine: my outgoing server.
Examining a typical Thunderbird's email headers the example would be this: 1) the machine where I am composing the email is at 2.2.2.2 2) I hard code my outgoing servers as 1.1.1.1 in my email headers of Thunderbird 3) I am sending it to recipient on mail server 3.3.3.3 and that machine sees my message being composed and sent from 1.1.1.1 ( which could easily be a web mail interface ) on 1.1.1.1
To my knowledge there no handshake checks with 2.2.2.2 @ 3.3.3.3 before 3.3.3.3 receives my email sent from 1.1.1.1. Once my message is accepted at 1.1.1.1 and is accepted for delivery by 3.3.3.3 after 3.3.3.3 does the handshake with 1.1.1.1 everything is set. Therefore hardcoding in Thunderbird that the message was composed on 1.1.1.1 should be no issue Or have I missed something?
This isn't for spam purposes or hiding from the government, etc., this is just simply to protect our routers, network, NIC's, etc., IP addresses from all forms of intrusion or identification as we travel and work from multiple locations and as it's always good to lock down your networks. Have I missed anything here that would cause problems?
Ti ṣàtúnṣe